board-deck-generator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill is designed to process highly sensitive corporate information, including financial metrics (ARR, revenue, burn rate, cash position), cap tables, and organizational data (hiring plans, org charts, and departures). This information is used to populate the generated
board-deck.mdfile. - [INDIRECT_PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection because it reads and processes untrusted external data.
- Ingestion points: The instructions specify reading a "Prior board deck for continuity" and "Detailed P&L or financial statements" into the agent context.
- Boundary markers: There are no explicit instructions to use delimiters or ignore embedded instructions when reading these external files.
- Capability inventory: The skill is configured with access to powerful tools including
Bash,Read,Write,Glob, andGrep. - Sanitization: The skill does not implement validation or sanitization for the content extracted from user-provided files.
Audit Metadata